HTTP: Jenkins Plugin Resources Directory Traversal

This signature detects attempts to exploit a known vulnerability against Jenkins. Successful exploitation could lead to the disclosure of sensitive information.

Extended Description

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded.
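As an added illustration that is not part of this signature or of Jenkins's own code, the check below normalizes a request path (including repeated percent-encoding) and decides whether a `/plugin/<name>/...` resource path resolves outside its base directory, which is the condition the signature is meant to catch. The sample paths and the `/plugin/` prefix handling are constructed for this example; the signature's actual matching logic is not published on this page.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample request paths for demonstration only.
SAMPLE_PATHS = [
    "/plugin/git/images/logo.png",                      # normal resource
    "/plugin/git/../../config.xml",                     # plain traversal
    "/plugin/git/..%2F..%2Fsecrets/master.key",         # encoded slashes
    "/plugin/git/%252e%252e/%252e%252e/credentials.xml",  # double-encoded dots
    "/plugin/git/css/./style.css",                      # harmless "."
]

PLUGIN_PREFIX = "/plugin/"  # assumed base for plugin resource URLs


def decode_fully(path, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_plugin_base(path):
    """True if a /plugin/<name>/... path resolves outside /plugin/<name>."""
    decoded = decode_fully(path).replace("\\", "/")
    if not decoded.startswith(PLUGIN_PREFIX):
        return False
    rest = decoded[len(PLUGIN_PREFIX):]
    name, _, resource = rest.partition("/")
    if not name:
        return False
    base = PLUGIN_PREFIX + name
    # posixpath.normpath collapses "." and ".." segments; anything that
    # no longer sits under the plugin's base directory is an escape.
    normalized = posixpath.normpath(base + "/" + resource)
    return not (normalized == base or normalized.startswith(base + "/"))


def flag_requests(paths):
    """Return the subset of request paths that escape their plugin base."""
    return [p for p in paths if escapes_plugin_base(p)]


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_PATHS):
        print("traversal:", hit)
```

A production detector would also need to handle the other path-normalization tricks the server accepts, which differ between Jenkins versions and operating systems.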

Affected Products

Oracle communications_cloud_native_core_automated_test_suite

Short Name
HTTP:DIR:JENIKINS-PLUGIN-DIR
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-6356 Directory Jenkins Plugin Resources Traversal bid:103037
Release Date
03/07/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors
Oracle
Jenkins
CVSS Score
4.0